[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Octave-bug-tracker] [bug #58268] hdf5 load crashes on strings
From: |
Christian Häggström |
Subject: |
[Octave-bug-tracker] [bug #58268] hdf5 load crashes on strings |
Date: |
Tue, 28 Apr 2020 17:46:59 -0400 (EDT) |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 |
URL:
<https://savannah.gnu.org/bugs/?58268>
Summary: hdf5 load crashes on strings
Project: GNU Octave
Submitted by: saturn
Submitted on: Tue 28 Apr 2020 11:46:57 PM CEST
Category: Octave Function
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: Segfault, Bus Error, etc.
Status: None
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Release: 5.2.0
Discussion Lock: Any
Operating System: GNU/Linux
_______________________________________________________
Details:
Minimal testcase can be created with this Python snippet, also attached.
python3 -c "import h5py, numpy; f = h5py.File('outfile.hdf5', 'w');
f.create_dataset('scan/date', data=numpy.string_('Mon Jun 18 03:34:30 2018'));
f.close()"
$ octave-cli --version
GNU Octave, version 5.2.0
$ octave-cli --eval "load outfile.hdf5"
free(): invalid next size (fast)
fatal: caught signal Aborted -- stopping myself...
Aborted
$ valgrind octave-cli --eval "load outfile.hdf5"
==238738== Invalid write of size 1
==238738== at 0x483B114: memcpy@GLIBC_2.2.5 (vg_replace_strmem.c:1034)
==238738== by 0x715A2CF: H5D__scatter_mem (in
/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.2.0)
==238738== by 0x715A911: H5D__scatgath_read (in
/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.2.0)
==238738== by 0x7142E22: H5D__contig_read (in
/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.2.0)
==238738== by 0x7156755: H5D__read (in
/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.2.0)
==238738== by 0x7156B68: H5Dread (in
/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.2.0)
==238738== by 0x5217072: octave_char_matrix_str::load_hdf5(long, char
const*) (in /usr/lib/x86_64-linux-gnu/liboctinterp.so.7.0.1)
==238738== by 0x56ACBBB: ??? (in
/usr/lib/x86_64-linux-gnu/liboctinterp.so.7.0.1)
==238738== by 0x71C44ED: ??? (in
/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.2.0)
==238738== by 0x71CBAC7: H5G__node_iterate (in
/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.2.0)
==238738== by 0x70FEA25: ??? (in
/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.2.0)
==238738== by 0x70FFFA9: H5B_iterate (in
/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.2.0)
==238738== Address 0xd124428 is 0 bytes after a block of size 24 alloc'd
==238738== at 0x483750F: operator new[](unsigned long)
(vg_replace_malloc.c:433)
==238738== by 0x521700F: octave_char_matrix_str::load_hdf5(long, char
const*) (in /usr/lib/x86_64-linux-gnu/liboctinterp.so.7.0.1)
It looks to me that octave forgets to allocate space for the trailing NUL
byte. Please observe that this file was not created by Octave itself, but even
if Octave rejects the file it should not crash.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Tue 28 Apr 2020 11:46:57 PM CEST Name: outfile.hdf5 Size: 5KiB By:
saturn
<http://savannah.gnu.org/bugs/download.php?file_id=48962>
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?58268>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
- [Octave-bug-tracker] [bug #58268] hdf5 load crashes on strings,
Christian Häggström <=
- [Octave-bug-tracker] [bug #58268] hdf5 load crashes on strings, Rik, 2020/04/28
- [Octave-bug-tracker] [bug #58268] hdf5 load crashes on strings, Rik, 2020/04/28
- [Octave-bug-tracker] [bug #58268] hdf5 load crashes on strings, Christian Häggström, 2020/04/29
- [Octave-bug-tracker] [bug #58268] hdf5 load crashes on strings, Elvis Stansvik, 2020/04/29
- [Octave-bug-tracker] [bug #58268] hdf5 load crashes on strings, Elvis Stansvik, 2020/04/29
- [Octave-bug-tracker] [bug #58268] hdf5 load crashes on strings, Elvis Stansvik, 2020/04/29
- [Octave-bug-tracker] [bug #58268] hdf5 load crashes on strings, Elvis Stansvik, 2020/04/29